ALTER DEFAULT PRIVILEGES

Synopsis

Use the ALTER DEFAULT PRIVILEGES statement to define the default access privileges.

Syntax

  1. alter_default_priv ::= ALTER DEFAULT PRIVILEGES
  2. [ FOR { ROLE | USER } role_name [ , ... ] ]
  3. [ IN SCHEMA schema_name [ , ... ] ]
  4. abbr_grant_or_revoke
  5. abbr_grant_or_revoke ::= a_grant_table
  6. | a_grant_seq
  7. | a_grant_func
  8. | a_grant_type
  9. | a_grant_schema
  10. | a_revoke_table
  11. | a_revoke_seq
  12. | a_revoke_func
  13. | a_revoke_type
  14. | a_revoke_schema
  15. a_grant_table ::= GRANT { grant_table_priv [ , ... ]
  16. | ALL [ PRIVILEGES ] } ON TABLES TO
  17. grant_role_spec [ , ... ] [ WITH GRANT OPTION ]
  18. a_grant_seq ::= GRANT { grant_seq_priv [ , ... ]
  19. | ALL [ PRIVILEGES ] } ON SEQUENCES TO
  20. grant_role_spec [ , ... ] [ WITH GRANT OPTION ]
  21. a_grant_func ::= GRANT { EXECUTE | ALL [ PRIVILEGES ] } ON
  22. { FUNCTIONS | ROUTINES } TO grant_role_spec [ , ... ]
  23. [ WITH GRANT OPTION ]
  24. a_grant_type ::= GRANT { USAGE | ALL [ PRIVILEGES ] } ON TYPES TO
  25. grant_role_spec [ , ... ] [ WITH GRANT OPTION ]
  26. a_grant_schema ::= GRANT { USAGE | CREATE | ALL [ PRIVILEGES ] } ON
  27. SCHEMAS TO grant_role_spec [ , ... ]
  28. [ WITH GRANT OPTION ]
  29. a_revoke_table ::= REVOKE [ GRANT OPTION FOR ]
  30. { grant_table_priv [ , ... ] | ALL [ PRIVILEGES ] }
  31. ON TABLES FROM grant_role_spec [ , ... ]
  32. [ CASCADE | RESTRICT ]
  33. a_revoke_seq ::= REVOKE [ GRANT OPTION FOR ]
  34. { grant_seq_priv [ , ... ] | ALL [ PRIVILEGES ] } ON
  35. SEQUENCES FROM grant_role_spec [ , ... ]
  36. [ CASCADE | RESTRICT ]
  37. a_revoke_func ::= REVOKE [ GRANT OPTION FOR ]
  38. { EXECUTE | ALL [ PRIVILEGES ] } ON
  39. { FUNCTIONS | ROUTINES } FROM grant_role_spec
  40. [ , ... ] [ CASCADE | RESTRICT ]
  41. a_revoke_type ::= REVOKE [ GRANT OPTION FOR ]
  42. { USAGE | ALL [ PRIVILEGES ] } ON TYPES FROM
  43. grant_role_spec [ , ... ] [ CASCADE | RESTRICT ]
  44. a_revoke_schema ::= REVOKE [ GRANT OPTION FOR ]
  45. { USAGE | CREATE | ALL [ PRIVILEGES ] } ON SCHEMAS
  46. FROM grant_role_spec [ , ... ]
  47. [ CASCADE | RESTRICT ]
  48. grant_table_priv ::= SELECT
  49. | INSERT
  50. | UPDATE
  51. | DELETE
  52. | TRUNCATE
  53. | REFERENCES
  54. | TRIGGER
  55. grant_seq_priv ::= USAGE | SELECT | UPDATE
  56. grant_role_spec ::= [ GROUP ] role_name
  57. | PUBLIC
  58. | CURRENT_USER
  59. | SESSION_USER

alter_default_priv

ALTER DEFAULT PRIVILEGES - 图1

abbr_grant_or_revoke

ALTER DEFAULT PRIVILEGES - 图2

a_grant_table

ALTER DEFAULT PRIVILEGES - 图3

a_grant_seq

ALTER DEFAULT PRIVILEGES - 图4

a_grant_func

ALTER DEFAULT PRIVILEGES - 图5

a_grant_type

ALTER DEFAULT PRIVILEGES - 图6

a_grant_schema

ALTER DEFAULT PRIVILEGES - 图7

a_revoke_table

ALTER DEFAULT PRIVILEGES - 图8

a_revoke_seq

ALTER DEFAULT PRIVILEGES - 图9

a_revoke_func

ALTER DEFAULT PRIVILEGES - 图10

a_revoke_type

ALTER DEFAULT PRIVILEGES - 图11

a_revoke_schema

ALTER DEFAULT PRIVILEGES - 图12

grant_table_priv

ALTER DEFAULT PRIVILEGES - 图13

grant_seq_priv

ALTER DEFAULT PRIVILEGES - 图14

grant_role_spec

ALTER DEFAULT PRIVILEGES - 图15

Semantics

ALTER DEFAULT PRIVILEGES defines the privileges for objects created in future. It does not affect objects that are already created.

Users can change default privileges only for objects that are created by them or by roles that they are a member of.

Examples

  • Grant SELECT privilege to all tables that are created in schema marketing to all users.
  1. yugabyte=# ALTER DEFAULT PRIVILEGES IN SCHEMA marketing GRANT SELECT ON TABLES TO PUBLIC;
  • Revoke INSERT privilege on all tables from user john.
  1. yugabyte=# ALTER DEFAULT PRIVILEGES REVOKE INSERT ON TABLES FROM john;

See also